A New Source Code Auditing Algorithm for Detecting LFI and RFI in PHP Programs

Free registration required

Executive Summary

Static analysis of source code is used for auditing web applications to detect the vulnerabilities. In this paper, the authors propose a new algorithm to analyze the PHP source code for detecting LFI and RFI potential vulnerabilities. In the approach, the authors first define some patterns for finding some functions which have potential to be abused because of unhandled user inputs. More precisely, they use regular expression as a fast and simple method to define some patterns for detection of vulnerabilities. As inclusion functions could be also used in a safe way, there could occur many False Positives (FP).

  • Format: PDF
  • Size: 312.7 KB